I am configuring the Legal Hold confirmation server on a new Clearwell v7.1.2 install. By default, links to the confirmation webpage are configured as HTTPS, so when a custodian clicks on a Legal Hold confirmation link, they get this message:
There is a problem with this website's security certificate.
The security certificate presented by this website was issued for a different website's address.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
Click here to close this webpage.
Continue to this website (not recommended).
We will not be deploying a certificate since all access is internal. The Legal Hold guide suggests two methods to create a certificate but there is a property that will direct the user to a non-secure version of the Confirmation Server, an HTTP address instead of an HTTPS, that will eliminate this error.
Property to change: esa.icp.holds.link.useHttps
Value to set: false
No need to restart services, the new link will go to HTTP and all of the previous hold notices are accessible there.
It was put in as a Tip/How To
I searched for this solution earlier in the day and found no articles. Once I found the answer I wanted to share for the next poor soul who came along looking for the same thing.
My question is seeing as it is internal only and you are being redirected to HTTP anyway why have it use HTTPS at all?
The redirect removes any security that you were hoping to get through HTTPS
I think if HTTPS is needed then installing a full certificate not a self-signed one will not only remove the certificate warning message in IE but it will also ensure that the users are reaching a secure site and any communication is secure.
Just my thoughts :)
In my situation, all traffic is inside our network so HTTPS and a Cert was redundant.
The default installation of the confirmation server directs it to HTTPS. This solution is really only viable in a situation similar to mine.
If someone is inside our network who shouldn't be, the security of our Legal Hold confirmation page are the least of our problems!
Agreed, It should also be in the appliance and the local person responsible for managing the appliance should also have a copy.
If you have specific questions please open a new thread and we will address any questions you have
Thank you for passing on the info. And yes I've arrived to the party a bit late. However, I did create a Tech Note TECH205743 for how to do this and it should be Public soon as I just published it.